Windows
Analysis Report
Invoice #23078.pdf
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 6724 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice #23078.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 7156 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 1612 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1744,i,16956642348696961776,15655649527562002610,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | DNS query: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | ReversingLabs | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | URL Reputation | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.56.162.185 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1523654 |
Start date and time: | 2024-10-01 22:19:13 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Invoice #23078.pdf |
Detection: | CLEAN |
Classification: | clean2.winPDF@14/42@1/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.143, 2.19.126.149, 52.5.13.197, 54.227.187.23, 52.202.204.11, 23.22.254.206, 172.64.41.3, 162.159.61.3, 2.23.197.184
- Excluded domains from analysis (whitelisted): www.bing.com, dl.delivery.mp.microsoft.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, tse1.mm.bing.net, p13n.adobe.io, arc.msn.com, acroipm2.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
- VT rate limit hit for: Invoice #23078.pdf
Time | Type | Description |
---|---|---|
16:20:45 | API Interceptor |
Input | Output |
---|---|
URL: PDF document Model: jbxai | { "brand":["Wells Fargo"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
23.56.162.185 | | | malicious | LonePage | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | HTMLPhisher | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
 | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | | malicious | Unknown | | |
 | | | malicious | LummaC | | |
 | | | malicious | LummaC, Go Injector, LummaC Stealer | | |
 | | | malicious | Amadey | | |
 | | | malicious | PureLog Stealer | | |
 | | | malicious | LummaC, Stealc, Vidar | | |
 | | | malicious | LummaC | | |
 | | | malicious | PureLog Stealer | | |
 | | | malicious | Unknown | | |
 | | | malicious | LummaC | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.187536221045828 |
Encrypted: | false |
SSDEEP: | 6:4XRQi+q2Pwkn2nKuAl9OmbnIFUt8TXB32WZmw+TXB39VkwOwkn2nKuAl9OmbjLJ:4BQi+vYfHAahFUt8Tx32W/+Tx39V5JfC |
MD5: | 78CC519C25922A5639A56D537A46E595 |
SHA1: | 02807F2C7D842053EC3619048E55223E3BD777FA |
SHA-256: | AECF2B4F5BEAA5DF87661B935CBCE69D800852133232899C0666D1CE22E5E979 |
SHA-512: | 20A420AFA56165FE193034C1F892698E1FC35D4AC0C10159240D812C7426E57F50F8902D6C2ED8AE6BAFD44608A8551DD1A47FB80A42EE208F069BC3DF72DFE3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.187536221045828 |
Encrypted: | false |
SSDEEP: | 6:4XRQi+q2Pwkn2nKuAl9OmbnIFUt8TXB32WZmw+TXB39VkwOwkn2nKuAl9OmbjLJ:4BQi+vYfHAahFUt8Tx32W/+Tx39V5JfC |
MD5: | 78CC519C25922A5639A56D537A46E595 |
SHA1: | 02807F2C7D842053EC3619048E55223E3BD777FA |
SHA-256: | AECF2B4F5BEAA5DF87661B935CBCE69D800852133232899C0666D1CE22E5E979 |
SHA-512: | 20A420AFA56165FE193034C1F892698E1FC35D4AC0C10159240D812C7426E57F50F8902D6C2ED8AE6BAFD44608A8551DD1A47FB80A42EE208F069BC3DF72DFE3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 333 |
Entropy (8bit): | 5.187176079330177 |
Encrypted: | false |
SSDEEP: | 6:4XDFdxq2Pwkn2nKuAl9Ombzo2jMGIFUt8TXYcLJZmw+TXBFqzkwOwkn2nKuAl9OU:4TxvYfHAa8uFUt8TIcLJ/+TjS5JfHAaU |
MD5: | AACC854099654815B3B6809F4DA13EE4 |
SHA1: | C1E19FED029CCD2ABBE39557AA37EF913CA3CD45 |
SHA-256: | 09226BD01215005731710E45C7BEB740366F1041384B901F833D4C5D0E0F2B98 |
SHA-512: | 21330FDB5DB1E9E9FA546B3E0F67D407B434E7D94CC73A07192BBE82F7797518D798E8870BEC1DBC58FA784681091B8733F7A35725D9C953A5CD10AC14DD3B3F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 333 |
Entropy (8bit): | 5.187176079330177 |
Encrypted: | false |
SSDEEP: | 6:4XDFdxq2Pwkn2nKuAl9Ombzo2jMGIFUt8TXYcLJZmw+TXBFqzkwOwkn2nKuAl9OU:4TxvYfHAa8uFUt8TIcLJ/+TjS5JfHAaU |
MD5: | AACC854099654815B3B6809F4DA13EE4 |
SHA1: | C1E19FED029CCD2ABBE39557AA37EF913CA3CD45 |
SHA-256: | 09226BD01215005731710E45C7BEB740366F1041384B901F833D4C5D0E0F2B98 |
SHA-512: | 21330FDB5DB1E9E9FA546B3E0F67D407B434E7D94CC73A07192BBE82F7797518D798E8870BEC1DBC58FA784681091B8733F7A35725D9C953A5CD10AC14DD3B3F |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 475 |
Entropy (8bit): | 4.962298324517204 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqoShsBdOg2H4caq3QYiubInP7E4T3y:Y2sRds7dMHz3QYhbG7nby |
MD5: | 72095C884E844720EA6B537F229B57CC |
SHA1: | 2E6CA6207F92289C5F8125431470081FA30F4256 |
SHA-256: | A08A7F6C98AFECB9208A6DB728D83126529B3CE8E7914C3E5F72D0A5F9917F67 |
SHA-512: | 670D5A256BE5BB6670DEA92C21235767DF1FB0E4BAE245C0AAD1017802F30C8A905913ECF4D0C07DB0ECDAE23F3F55681CF155181F659CCD6902115C4DBB68EC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c536468c-432b-452e-b305-a4edc4e15403.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 475 |
Entropy (8bit): | 4.962298324517204 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqoShsBdOg2H4caq3QYiubInP7E4T3y:Y2sRds7dMHz3QYhbG7nby |
MD5: | 72095C884E844720EA6B537F229B57CC |
SHA1: | 2E6CA6207F92289C5F8125431470081FA30F4256 |
SHA-256: | A08A7F6C98AFECB9208A6DB728D83126529B3CE8E7914C3E5F72D0A5F9917F67 |
SHA-512: | 670D5A256BE5BB6670DEA92C21235767DF1FB0E4BAE245C0AAD1017802F30C8A905913ECF4D0C07DB0ECDAE23F3F55681CF155181F659CCD6902115C4DBB68EC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4730 |
Entropy (8bit): | 5.2531204745190605 |
Encrypted: | false |
SSDEEP: | 96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7X2572lZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goR |
MD5: | DF600CFE70A002FB2C000E7B0B0BCA74 |
SHA1: | 4415905284D35ABFD6CB887E6409D62E58460AF4 |
SHA-256: | 62A1E606D640DB38222501FD2DD8EA2B3FD53AC1CC3A8156E06AF089CD469E87 |
SHA-512: | A9DA2F2C753A2F8BFE2D7A1865B6FC489F4AA409966B273A3AAAFBCC9B2AF0D6C2315387C15ECD110A2305E54C9F9FFA279FE4A3A31886A102262FFF865D66F0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 321 |
Entropy (8bit): | 5.195900453527473 |
Encrypted: | false |
SSDEEP: | 6:4XEq2Pwkn2nKuAl9OmbzNMxIFUt8TXnFZZmw+TX3MkwOwkn2nKuAl9OmbzNMFLJ:4UvYfHAa8jFUt8TXFZ/+THM5JfHAa84J |
MD5: | 25A790D35A2591537A53D601531FAE5E |
SHA1: | 35EDE3870D431B5E2C4FBC533F6858F3B1586164 |
SHA-256: | 02D1E74456419BF1B5A7674E8C7E7548B4D27C801273628FEACAD435BAD12FA2 |
SHA-512: | 1F66AA3F1C7B42C8A776F24467D6CC1EC6A5A556470D7762B35706049174F01E37C0F13879B52BC62AD9D49A6B2E5E19A1113EA890111B58757682D7D72537D9 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 321 |
Entropy (8bit): | 5.195900453527473 |
Encrypted: | false |
SSDEEP: | 6:4XEq2Pwkn2nKuAl9OmbzNMxIFUt8TXnFZZmw+TX3MkwOwkn2nKuAl9OmbzNMFLJ:4UvYfHAa8jFUt8TXFZ/+THM5JfHAa84J |
MD5: | 25A790D35A2591537A53D601531FAE5E |
SHA1: | 35EDE3870D431B5E2C4FBC533F6858F3B1586164 |
SHA-256: | 02D1E74456419BF1B5A7674E8C7E7548B4D27C801273628FEACAD435BAD12FA2 |
SHA-512: | 1F66AA3F1C7B42C8A776F24467D6CC1EC6A5A556470D7762B35706049174F01E37C0F13879B52BC62AD9D49A6B2E5E19A1113EA890111B58757682D7D72537D9 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241001202037Z-178.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 0.973465780341572 |
Encrypted: | false |
SSDEEP: | 96:F81UDCh7hGWLcYawll1zHJeUETkR32cqOb:F8lhraKR32tOb |
MD5: | 4F23F8E55E1FB0B81A7BFD1C5CB98313 |
SHA1: | 64C7F429678D47416771BA7A4346A287E2B3A1B3 |
SHA-256: | AB549DDB947E1C10501AD880672B5FA6112C58E359100F8E2F49379B478582B7 |
SHA-512: | 9B8B60548716DB7D2F53BB55813865E171D1E37E5D8D1349A9809C114AFDDF11E6AAD0CBA62314469D34CCAE6C95936D08434058155A01FEC2B7997E6328F0F6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444930560670635 |
Encrypted: | false |
SSDEEP: | 384:yezci5t+iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rRs3OazzU89UTTgUL |
MD5: | 5A68CD7918ED30214787EC68FB815410 |
SHA1: | 93BAFDEF4DD06432A4AF34D2FDA6DBB79E815980 |
SHA-256: | D6BE7381B8EFA6F364FF1F26501DF780501ACDE3968DC6714A6757097F6A87A7 |
SHA-512: | 1080E1E77FDB57A748F8B5722A6676F81130B7CD54B8F07A6A4C474F73A61FD93297D0BDDF7ABC37E7146B738A7B75C6E60EE4C4FCE2C7DD5B1A4A67376823AE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7750152360076896 |
Encrypted: | false |
SSDEEP: | 48:7MuXp/E2ioyVfioy9oWoy1Cwoy1jKOioy1noy1AYoy1Wioy1hioybioynoy1noyq:7JXpjufFWXKQOqb9IVXEBodRBkT |
MD5: | 3FECDEF7800F5D273E233F176AE3BB4C |
SHA1: | 18F30B64A6A3459D4BF452FD13392959B9683B1E |
SHA-256: | E7816515ED313156C463C4021CBC66C39E9992A20C1367814A94A02BF06CF465 |
SHA-512: | 7321FEB0670CC259E20AC6B4FE4F2FC2B9C2D544ADF49B386E7418CE6140722AA407E2F309080A7FF56B75C65B690DB50660D14E7EC350528CADCCCC36442CE3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7321365340992054 |
Encrypted: | false |
SSDEEP: | 3:kkFklHApblfllXlE/HT8ksHzvNNX8RolJuRdxLlGB9lQRYwpDdt:kKfpbmT8hVNMa8RdWBwRd |
MD5: | 6CACCC85E7D2FE2114387A8A8E13FBE0 |
SHA1: | A2328C101BD1BB4E06EB808E22C0652D114C68D7 |
SHA-256: | EEC3F79A649894808E95F17059E821606EAA53974CD8C8E27B404FBDA25357A0 |
SHA-512: | B8DE265EF3EA69A4C0652CEF681A7A8540A689C509549ED2F64144EC2173AB4E01D71C5B9EBB16130541CD627A9580F21790013A2F1F3BF9EA55B67A9C979221 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.350522874237589 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJM3g98kUwPeUkwRe9:YvXKXP8VOiZc0vG6VVGMbLUkee9 |
MD5: | 84490514E220E781FE8769B146EC48D9 |
SHA1: | C08EDAA7627DCB30FADFF81E2C195C1388AE9E2B |
SHA-256: | 09A4108813A3DA32E52972D592BFDAE9BBA745F099C1C3CE699C1D5396513F91 |
SHA-512: | 6296FFB9177DC9B9C27558738A442A554A471C0C5D7CD594A4AC880DD9E5068A954234887538FC20D8FC676ECC9FDFC64EE6426F5F9C2D1FC2662238187AC928 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.297961536209902 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfBoTfXpnrPeUkwRe9:YvXKXP8VOiZc0vG6VVGWTfXcUkee9 |
MD5: | CD22F20C67643F5C29B87ACD4CAE7F4E |
SHA1: | BD74F0330F2A9A516E3987278E5F8604032FDA7A |
SHA-256: | 6BCA10083A0F1C1527CBB6FEC092D91CFA68F66B6DBE75B3D750D4C129647F83 |
SHA-512: | BB8901CF71F486FD28CD22553A45FBB98C3739275E9A354AFDC9FCE9ACB89B19975252197877EC1B2D64E4E7F875DA166C1F0A5133C18E5FCBBE072B59F68BC3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.276509852735908 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfBD2G6UpnrPeUkwRe9:YvXKXP8VOiZc0vG6VVGR22cUkee9 |
MD5: | 40C5DE3A7E9FD242FA04FE5EF6979CC6 |
SHA1: | D64C38A3E460F636A637500D52607CEE52E5D8ED |
SHA-256: | C16814FDA4693C46AF48AD5254C57D9B23D5809E287B5A9DA0C7E519878F2E82 |
SHA-512: | 10EA49AF565C574E3F8D7555C257C36AA2C0B27573F85BDCE8C650148D92CD8B3E32C0BD45B390F2F9480ABB7D7D9022CF6E4350DA9B0FB09C82683ED968F48F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.337082836149253 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfPmwrPeUkwRe9:YvXKXP8VOiZc0vG6VVGH56Ukee9 |
MD5: | CCCD792E79EF7698E142D8522299FE0B |
SHA1: | 15055BA4D5DD5ABC5C4A395B078AEF2B9B61255E |
SHA-256: | 998EA82A7458FE342DDB185F275970E7AECA41E0A39E0E58F65B02892475558B |
SHA-512: | E984A7CDE58BDAB102CD7BCD1715BEED8FABEBC70A96B8EBE20F7BC8601442689EEA90ADB617FFC1101D0DAC392D53EA7E0F5FE3EBE0A749B22332FFBD97EE80 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.668944193487054 |
Encrypted: | false |
SSDEEP: | 24:Yv6XPgHzvGa6pLgEFqciGennl0RCmK8czOCY4w2V:YvIgTmhgLtaAh8cvYvq |
MD5: | 118058A5260BC84C037AC08ECD7B3DBA |
SHA1: | D8A9CE156ED0F58D563536B5BE94CE2B24B2911E |
SHA-256: | E323D100F74EC2114D38C8207A3368774AE7AE96C0F8CD9BA8C74A3C414D325A |
SHA-512: | 6C023D89F879F324115CC8F822CD39FAF7CCBE4124527E68E28E4E7F225D413F4A24DF67C5A0CB97048D4EC4AC153FEE1551F632621647509998D76F247E31C5 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.656614442116559 |
Encrypted: | false |
SSDEEP: | 24:Yv6XPgHzvGacVLgEF0c7sbnl0RCmK8czOCYHflEpwiVV:YvIgTQFg6sGAh8cvYHWpwU |
MD5: | B338C028998F8101DE2AAEE71AFD8692 |
SHA1: | 6111560BCA470ACC3A54EE57775E654DB8B78FED |
SHA-256: | 181E480AFD426F1F746192BED24F44CBBF8F9432148A006E9152AFAE65A9A72E |
SHA-512: | 3CF1263BE169C74C71070E756FEE6EEE9F097149F82D1258BF88FD6C882A64C4213A907281C2E9271C59DEF430DEC01E7914B49CDD04465F312F3A69415A652A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.290346179961023 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfQ1rPeUkwRe9:YvXKXP8VOiZc0vG6VVGY16Ukee9 |
MD5: | 78BC43089C406125A123FDACEA1DD470 |
SHA1: | 503D6FD675994DEC2A66037A5AA38EAC010EBE6F |
SHA-256: | 03BEE7A25B9DA1B3DAC0F289BF0C6B13E4E146CBBA92C99CE75A84F443D9659E |
SHA-512: | DFEE147AC6904B18B38697E55F5A61F9FCA06D534B188C2BCA8EEBFEE365F12BA133D3B7EDF5E4D34AE0AF2CB48AE8530580ACEE45CCAC05D516F55304A396BF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.650104395079047 |
Encrypted: | false |
SSDEEP: | 24:Yv6XPgHzvGaB2LgEF7cciAXs0nl0RCmK8czOCAPtciBV:YvIgT1ogc8hAh8cvAP |
MD5: | A3E44E0F217D6BB2113F73BDF25B0371 |
SHA1: | 08E92A49BD7CA19CE6616F31434D2A7A4880E9E0 |
SHA-256: | FAFE2BAAEFA23CF26156515E2B1807415F3FEED95FCC64F13D665EA7B9122F81 |
SHA-512: | 5F9CD851075E40D61DFFF2CDFF4D33C5B9F0E2DABBCD94F45972CB8E4C8AA799C782216C752C0984EFA56FA39D5F57407EACC91FCAFDCD21BC1B6DDF913EDDB9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.7029347506264845 |
Encrypted: | false |
SSDEEP: | 24:Yv6XPgHzvGaBKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5V:YvIgTdEgqprtrS5OZjSlwTmAfSK7 |
MD5: | 3632293993B95E36FE4D233E5ED61D2E |
SHA1: | 968D4CF0A90D1256720D3FE1366CCC9617419824 |
SHA-256: | A384A4D7EA449D2D1B5ACEA377935BDE3AE61101E1CA4684F89F9A4549EFAF27 |
SHA-512: | 77F144CB81BFBD42935E2B1ED421F449777E934E660421067BFD04733666425226F4000DB810C6310791CB682CD9DB76AB315EDACC846B174316661F7D1AE89E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.292907726485275 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfYdPeUkwRe9:YvXKXP8VOiZc0vG6VVGg8Ukee9 |
MD5: | 90325378EB2D8C7425258E6062D4C063 |
SHA1: | DF343A829659D5E43AE237C5386E55DFEBAE6F7C |
SHA-256: | 76091EB142A38CB8ACD39A7C92F7886D3D9F81CEC9C7395297C0F6E0099989A6 |
SHA-512: | CC326044891B978319C80A8BE7AA2DB18E1D56D61EE8C4325B1BA6883E92B4677FE9E2840F41735DDF457B05256CEECAC76048D0E31DA3F91A677512014A976C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.778361128153731 |
Encrypted: | false |
SSDEEP: | 24:Yv6XPgHzvGaMrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN9:YvIgTgHgDv3W2aYQfgB5OUupHrQ9FJ7 |
MD5: | 5F3CE6D24D53CD8BF960022053CB1755 |
SHA1: | D4F2F8D4116974FC91E7E05A128DB8CE89356C86 |
SHA-256: | CA9E33CA213013B4D4F7CC7C021D4CC30AD8E11BABA26B364F1BF79B2EA2AF5D |
SHA-512: | 97460527D3D411007A2747E41B67DB1F25F41AA2391E5283C53D2C8AE04320CDC0E80AE9E418E704FC82D6F52B807F862EEE0C806D385CDE5AABAB8E532AC8E0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.276503568307008 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfbPtdPeUkwRe9:YvXKXP8VOiZc0vG6VVGDV8Ukee9 |
MD5: | 37855BE728E1F88C0D27BD0F493C83B2 |
SHA1: | D13FA243A2E0397F838958D41E0584AF5C21CEB6 |
SHA-256: | 8FA75F2D3322FFABEFC3747B0F6F3FFD2CE1FA581BD8FC5177792013CC9C7958 |
SHA-512: | 6DE49CD9B6496787F3700403991E86E269582F3BD9306E2D740DE68294A5AAB2ACE693F5D46EC521C78214BF956D209FE3AC5A42C95C0B19486BBA3C096DA00A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.280742472675458 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJf21rPeUkwRe9:YvXKXP8VOiZc0vG6VVG+16Ukee9 |
MD5: | 1C1D1B4D3775A3F73AA82F80967E3AAF |
SHA1: | 71F16063AC04FE288BA314F55F37BF2ED481C224 |
SHA-256: | D4131779B9F973CA7345CBF9FEE6C897D9F05B38D5668EFF300013C4F37D82F8 |
SHA-512: | F9A489ABEF169EE28499D379A33B257DCC0FB6C48EC8A1D78B9AA435BC9136EA6AF7842FA7DBF4660E56179843B5AD6E29961C22501B8F3BCE86904F39FE1222 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.656736340312317 |
Encrypted: | false |
SSDEEP: | 24:Yv6XPgHzvGamamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BV:YvIgT0BguOAh8cv+NKC |
MD5: | B96B6C8B1B25233CB59A0D7798692007 |
SHA1: | DF742997207715321B64E0F9ACE1972EA767E4EE |
SHA-256: | 549DA993C0BE5B296528E86026442A4C970B1C23282B83C3254502CA27912177 |
SHA-512: | 9C0E02ACE3B0F8C13E9B4DCB9968176AA5C30B9CAF794A9C3452590BB8745FBF95502BEEDC8CFE884B9CF872C9CD91058A19B6363502CD9D0D60867A021FBDA1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.258963515123824 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXPCbVVwxBVoZcg1vRcR0Yv6VeoAvJfshHHrPeUkwRe9:YvXKXP8VOiZc0vG6VVGUUUkee9 |
MD5: | 60DAF829543334CECEBEB948155C51DC |
SHA1: | 117DC9E64CD38C31F803690D096243E4EF0F2AAC |
SHA-256: | 03B038E61B937A51153048282DD934571AED6F54DE2C9B84364B261055E934EA |
SHA-512: | 7546F70458E44216A1897C77570BFD0F3032F929953FDF5C315255D71A947592EA4829A6BBE3CF05E3ACF0A5DAC3B73781CE04AF1C415DDC99A83A07B402A82F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.3710030986100445 |
Encrypted: | false |
SSDEEP: | 12:YvXKXP8VOiZc0vG6VVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWB:Yv6XPgHzvGax168CgEXX5kcIfANhU |
MD5: | 6C0AD9723A4F25CF743C2BD6C93985AA |
SHA1: | EBD3905899740AAAFC33CB729438B8E4A0C71358 |
SHA-256: | 9A7213BF1B3AC55363402EBC1127E4C6366C7B478D035B4256FC250F13CC198D |
SHA-512: | E77495816BDB33D5A224F26016F7616383F6E5DB46ED6E0BD949EAEF5E4381AE06AE7376A89BFC220B7A30BB2F11778B5DC8086F91ECFF20648066EB0036F0F7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.136190493029926 |
Encrypted: | false |
SSDEEP: | 24:YdB1P4XaMayv223d+jrSC7c/j2EyIUxMrokjz78j0S4zVCk2WGx2LSyz7589D5mz:YDLmMjGOc/RyINNHOGzPGxIz7O9D5o |
MD5: | 942E15035CAFA5EB5E7FBBB9A71AA24A |
SHA1: | A32099206AECE5159F1008CCDC83833F8FD42CC9 |
SHA-256: | 32795F1A9D98070AC2932439E9AA44A9FF87F023857B751DFF658226FFBC59D9 |
SHA-512: | 0DE1EC38B3DA45C5A903ED0575CF0BCBBAC879D2E067AD9D61102DF3B02D3D79335D748208894C964CE05A80A014826DF25B81AA399A34F9882A662CF92E0DCB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.1877234294846482 |
Encrypted: | false |
SSDEEP: | 48:TGufl2GL7msEHUUUUUUUUHWSvR9H9vxFGiDIAEkGVvpzQ:lNVmswUUUUUUUU2+FGSItw |
MD5: | 791637F2224A9B76D954CDFB17AB1A6E |
SHA1: | 8E3EEBDE0B884DBD89BFD4FAE8DA54C43C4A46FD |
SHA-256: | 37691AD663CB4FD19A3E650DDC588D228FDB3BDABE712541D93F197847A000FD |
SHA-512: | E40E47FEB49825141577B8AB498DF2898FF8C4F2F98F751FD14C1AD3A764DD6ADBE08D77CC741F5AB4D77069DD56B28677C1959926FBED0BCC1974FD0D145273 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.6082130150136487 |
Encrypted: | false |
SSDEEP: | 48:7MfqKUUUUUUUUUUH0vR9H9vxFGiDIAEkGVvWqFl2GL7msc:7SxUUUUUUUUUUEFGSItsKVmsc |
MD5: | 0744EDC506224A970A9C30B3CB924E18 |
SHA1: | 39A34135349737FFB25210740FAAD06228CA3AC1 |
SHA-256: | AEADB4CD33C8DC5ABB25089B7629AC9E9060226C3EF29A98EAA35546622BECD6 |
SHA-512: | F81499F88A819D0E51EFDEB5FEDEE01E8A29ADEC3A5E9C8519397FE71D630A510EB93494CD267EDEDE1293EB960AB28FF6612FB3FEACAE709ACAB47FCAF6F979 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.4965336456103326 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K80QRqrN8YH:Qw946cPbiOxDlbYnuRKFN8YH |
MD5: | 7229DDFE260074172148F13103B4DA01 |
SHA1: | 369CBFF97C4A9838347A0FA191A1B78AB27535BC |
SHA-256: | DC0C28431D0596AAB971073DF7038D9B6EEC4C29ACF59268EFB1C71EAB412EE7 |
SHA-512: | A80AB66AAD75F2A0118BC2528897D66E6BE5F1CE906A024CCC0D7D5AE1B3A35881F87D4ABD45122B1B750C6ED95CB3A04DFA8F92837FB72635AF80F17B81BE4A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 16-20-34-583.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.345946398610936 |
Encrypted: | false |
SSDEEP: | 384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW |
MD5: | 8947C10F5AB6CFFFAE64BCA79B5A0BE3 |
SHA1: | 70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778 |
SHA-256: | 4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485 |
SHA-512: | B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15114 |
Entropy (8bit): | 5.333885095499786 |
Encrypted: | false |
SSDEEP: | 384:+mE7ctq/hyF+YrZM3lIlprIhtGPrxt5sADYSUrW0wWO/xK5K4JgC4V4pMnd925xn:G4q |
MD5: | B8AA7FDD695A4761A3FD95BFE3F28A80 |
SHA1: | 79EDCA9305C2C506F65725AC4F1E8A0F607E71DF |
SHA-256: | 6E8A1DBB20D5CCB1BE8BB54B382597FB087F0BECE38ADEA2B964571CAAA70CA1 |
SHA-512: | F09A896CDE5D5E098E33D6F1EDE808E646347DFEC06C671288C7C35751D8D62CFC85431A00296F9C45AA4D7C16B2192BD6A78BE810637A6FE76161F2BE00E7BC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.379766766920301 |
Encrypted: | false |
SSDEEP: | 768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r+:K |
MD5: | 8F6A39EE1D53B1ABA653C6C3BEF11850 |
SHA1: | ABE7239E1C65CA2A91DAEBDFDDBCDCFEF667CA6A |
SHA-256: | B8D07599623CC10A1377BF8FE1CB8F40B59E57DBE25817C28CE9523CFDF00D18 |
SHA-512: | 539D3D230E546C2BD95328CD369E405687D1782110B9DA9F6383F45D93DEA69AD247AFD2F8019F64BAF0DE53242F52457FC68293B8E60ED2F6CB79D25CC226E2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.899307529866073 |
TrID: |
File name: | Invoice #23078.pdf |
File size: | 2'906'528 bytes |
MD5: | 05aa80f62a47e1a4dac83054c835e3bb |
SHA1: | d1597f07270ce840bc75687fcc70e7c3d7fe649a |
SHA256: | 97f7f2c3f99fecfc9139f22b3309d16691210a72d607e84cade5aae0a812ce66 |
SHA512: | 2187e64ce661f6bf5ff89d7acb67772d4b639e778fbd63f4b4e42c8653ac20089695c1bd9a467da366ec12db5ff5bb15f95f5fbca34c79a916c7c36633366529 |
SSDEEP: | 49152:zeU0b0d0vow8ZJUNhBujTjvdhSq98lSdC0H:VU4AopjUMvJhSjodCu |
TLSH: | 77D5C038BF91AD0EE946C0B1E228E8934FCD9277316974817D1C495B08E6D81F6E739E |
File Content Preview: | %PDF-1.7.%......4 0 obj.<</Filter /FlateDecode /Length 13267 >>.stream.x..}[....&.y....>.S.3X.a.Jy.....v|.u.%..?....c..I.........>].Y.YI.Z.(...T}...q.....>......?.........v......O;)....._..1......j.....O_.M.9..do7n#...?.?"....>.......OE.....2.^.O.....R:.. |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.899308 |
Total Bytes: | 2906528 |
Stream Entropy: | 7.987052 |
Stream Bytes: | 2548417 |
Entropy outside Streams: | 4.979142 |
Bytes outside Streams: | 358111 |
Number of EOF found: | 5 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 1977 |
endobj | 1977 |
stream | 773 |
endstream | 773 |
xref | 0 |
trailer | 0 |
startxref | 5 |
/Page | 7 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 1, 2024 22:20:45.819216013 CEST | 49759 | 443 | 192.168.2.4 | 23.56.162.185 |
Oct 1, 2024 22:20:45.819250107 CEST | 443 | 49759 | 23.56.162.185 | 192.168.2.4 |
Oct 1, 2024 22:20:45.819320917 CEST | 49759 | 443 | 192.168.2.4 | 23.56.162.185 |
Oct 1, 2024 22:20:45.819534063 CEST | 49759 | 443 | 192.168.2.4 | 23.56.162.185 |
Oct 1, 2024 22:20:45.819549084 CEST | 443 | 49759 | 23.56.162.185 | 192.168.2.4 |
Oct 1, 2024 22:20:46.449428082 CEST | 443 | 49759 | 23.56.162.185 | 192.168.2.4 |
Oct 1, 2024 22:20:46.449755907 CEST | 49759 | 443 | 192.168.2.4 | 23.56.162.185 |
Oct 1, 2024 22:20:46.449783087 CEST | 443 | 49759 | 23.56.162.185 | 192.168.2.4 |
Oct 1, 2024 22:20:46.450856924 CEST | 443 | 49759 | 23.56.162.185 | 192.168.2.4 |
Oct 1, 2024 22:20:46.450948000 CEST | 49759 | 443 | 192.168.2.4 | 23.56.162.185 |
Oct 1, 2024 22:20:46.456881046 CEST | 49759 | 443 | 192.168.2.4 | 23.56.162.185 |
Oct 1, 2024 22:20:46.456948996 CEST | 443 | 49759 | 23.56.162.185 | 192.168.2.4 |
Oct 1, 2024 22:20:46.457165003 CEST | 49759 | 443 | 192.168.2.4 | 23.56.162.185 |
Oct 1, 2024 22:20:46.457173109 CEST | 443 | 49759 | 23.56.162.185 | 192.168.2.4 |
Oct 1, 2024 22:20:46.509366035 CEST | 49759 | 443 | 192.168.2.4 | 23.56.162.185 |
Oct 1, 2024 22:20:46.564975023 CEST | 443 | 49759 | 23.56.162.185 | 192.168.2.4 |
Oct 1, 2024 22:20:46.565046072 CEST | 443 | 49759 | 23.56.162.185 | 192.168.2.4 |
Oct 1, 2024 22:20:46.565125942 CEST | 49759 | 443 | 192.168.2.4 | 23.56.162.185 |
Oct 1, 2024 22:20:46.565500975 CEST | 49759 | 443 | 192.168.2.4 | 23.56.162.185 |
Oct 1, 2024 22:20:46.565521955 CEST | 443 | 49759 | 23.56.162.185 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 1, 2024 22:20:45.398658991 CEST | 49404 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 1, 2024 22:21:57.711818933 CEST | 53 | 51028 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 1, 2024 22:20:45.398658991 CEST | 192.168.2.4 | 1.1.1.1 | 0x3aaf | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 1, 2024 22:20:45.406469107 CEST | 1.1.1.1 | 192.168.2.4 | 0x3aaf | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49759 | 23.56.162.185 | 443 | 1612 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-01 20:20:46 UTC | 475 | OUT | |
2024-10-01 20:20:46 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 16:20:31 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bc1b0000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 16:20:32 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 16:20:32 |
Start date: | 01/10/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff74bb60000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |